Privacy Guide – Stay Anonymous Online
How to Go from Potential Target to Virtually Invisible Online.
Are you worried about being a victim of the latest hack, ransomware, photo leak, or other breach, like the infamous WannaCry, Heartbleed, The Fappening or Equifax fiasco?
Well, you shouldn’t be worried. You should be terrified.
Rarely a week goes by that a major hack, data leak or cyber-crisis isn’t making headline news. With each one, tens of thousands to millions of people are affected. Don’t be one of them.
This comprehensive yet easy-to-read guide will walk you through everything you need to know from the most basic privacy protections to the most robust.
Each set of knowledge builds on the last, taking you from a stage of Anonymity Lite to Intermediate Anonymity, through to Advanced Anonymity, and finally, to Expert Anonymity.
We know you’re busy, so we won’t waste your time. We present the information in a concise, no-nonsense, no-BS way.
And we’re practical about it. There’s no use trying to turn you into Edward Snowden. For most people, that’s simply not necessary.
We’re focused on making sure you don’t become low hanging fruit for snoops, hackers and trackers.
We’ll teach you how to maximize your privacy specifically for your level of risk, depending on what you do online.
You don’t need to be perfect, you just need to be protected enough so that the bad guys move on to easier targets.
At the end of each section, we provide a list of the best online privacy tools and resources.
Just do it!
You must adopt the following practices. Otherwise, you are simply asking for it.
These are the bare minimum things you need to do.
If you take even just these basic steps you will be ahead of a vast majority of Internet users.
Those are the suckers the snoops, hackers and scammers love. Don’t count yourself among the suckers.
The fast-spreading WannaCry ransomware and countless other malware campaigns take advantage of this every day.
It is vital that you apply updates (sometimes called patches) to your operating system as soon as possible. The best way to do this is to enable auto-updates.
If you don’t want them installed automatically (for example, you don’t have access to a fast Internet connection), that’s fine but at least enable the options so that your computers and devices let you know when updates are available so you can apply them as soon as you can.
Are the passwords for your accounts still ‘123456’ or ‘password’? Then you’re vulnerable (and, sorry to say it, deserve to be)!
Using strong passwords and passphrases is one of the most important ways to stay protected – and it’s also one of the easiest to implement.
Here are two ways to fix your password problems:
- Create strong passphrases: To automatically generate good passphrases AND to keep track of all your passwords, use a trusted password management app like Dashlane or Lastpass. Both are free and easy-to-use.
- Enable double-authentication: This feature (sometimes called two-factor authentication or 2FA for short) can be activated with a single click and will keep your accounts safe even if someone manages to get their hands on your password.
That’s because the hacker would also have to get their hands on your second authentication method, usually your mobile phone. Here are the 2FA settings for Google and Facebook. For most accounts, look for Settings > Security > Login Approvals (or similar).
Dashlane (free) – a password manager that also lets you change one, some or all your passwords in one go (for example, in the event of a major data breach).
- see our full Dashlane review
Lastpass is a free and reliable must-have password manager for managing the dozens upon dozens of passwords that we all have nowadays.
- see our detailed Lastpass Review
Wait! Before you open that link or attachment, think twice.
Malicious links and attachments are often used by hackers to gain access to your computer, get sensitive info about you, and more.
That’s why you should always know what it is and who sent it before you open it.
That goes for links and attachments sent via email, social media, SMS message, chatting, torrent file-sharing, Usenet newsgroups, or any other source.
We get it. It’s hard to resist using social media sites and apps like Facebook, Twitter, and the like.
But if you’re going to sign up, at least be smart about it. Too many people make themselves potentially targeted through social media.
Here are some of the things you should never post on social media:
- Your full date of birth (at a minimum, leave out the year)
- Your address
- Your phone number
- Your middle name(s)
- Any similarly personally-identifiable information that could be used by someone to impersonate you online
- Any of the same information about your friends or family
You should also avoid sharing any travel or other plans to leave your house unattended. You can post all about your vacation after you get back, but don’t advertise your absence in advance.
Occasionally go through the Activity Log of your social media accounts and make sure you are not sharing anything by accident.
To keep your primary email address out of databases and away from spammers and more dangerous adversaries, use disposable temporary email addresses as much as possible.
These are especially handy for verifying account signups or newsletter subscriptions that you may be unsure about.
Temporary Email Addresses
- Hidester Free Temporary Email Address generator – free disposable email addresses that last for as long as you need them
- Mailinator, Guerrilla Mail, HMA Anonymous Email & My Trash Mail (all free) – disposable temporary email addresses
- AnonymousSpeech Secure Email (premium) – secure email provider with strong encryption, servers offshore (outside USA and Europe) & no user logging. See our secure email review.
- HushMail (premium) – a trusted, secure email provider since 1999
- FastMail – going 15 years strong; based outside the US in Australia
- EmailFinder.com, EmailTracer & IP-Adress.com’s Trace Email (all free) – reverse email trace searches
- EmailChecker – check whether an email address exists or not
- GnuPG – OpenPGP standard for email [advanced users only]
Reverse Email Trace
Check your email account in these sites (all free):
Your web browser’s private mode will disable tracking cookies and prevent plenty of trace information, such as your browsing and search histories, from being discovered and potentially used against you.
This is particularly valuable when you’re browsing sensitive information (this type of information is discussed in more detail below) because even just the names of cookies left behind on your computer or device can get you in hot water.
Plus, private browsing mode is easy to use. Chrome’s Incognito, Firefox’s Private Browsing, Internet Explorer’s InPrivate and Safari’s Private Browsing can all be activated with a single click, without any configuration or special software needed.
But don’t be lulled into a false sense of security. Private web browsing only offers a bare bones amount of protection. It’s not nearly enough to make you immune from online tracking, profiling, and other threats.
Did you know that every time you use search engines like Google, Bing or Yahoo, they’re collecting information about you, like your IP address, the words you searched for, the date and time of your search, the device you searched on, where you were when you did the search, etc.?
And search engines then cross-reference that data with the web sites you’re visiting and share it with their advertisers.
The information shard may seem harmless but powerful data brokers and resellers are putting all these data points together, generating dangerously detailed profiles about you and selling them to the highest bidder.
Lastly, know that search engines will also share your search histories with the government, if requested.
Fortunately, not all search engines are nearly as invasive as Google.
A few of our favorite privacy-oriented search engines, which promise NOT to track their users are below. This small step won’t make you completely private, but it’s easy and definitely a step in the right direction.
- Ixquick – non-USA based search engine respecting privacy (no tracking)
- DuckDuckGo – encrypted web searches that aren't tracked
- Disconnect Search – anonymizes search queries on the major search engines
- Anonymous Search Engine – keeps no access logs and encrypts all visitor traffic
Open, public Wi-Fi internet connections are a goldmine for hackers.
The black hats can sniff out your unprotected connection and grab your passwords, credit card details or anything else you do while using the unprotected hotspot.
This is less of a problem than it used to be as more websites now use end-to-end encryption to protect you – these are web addresses you see starting with ‘https’ and when your browser displays a small lock icon.
But you still never know what’s lurking when you hit “connect” for the hotspot at a café, hotel, airport lounge or other public space (see next heading).
Plus, it’s all too easy to be fooled into connecting to an altogether fake hotpot.
It’s best to completely avoid unprotected Wi-Fi but if you find yourself in a situation with no other choice, you should definitely use something called a virtual private network or VPN for short (we’ll cover VPNs in-depth under Advanced Anonymity below).
If hotpots are sharing an Internet connection, the same tips apply for shared physical devices.
Logging into your accounts from a computer in a hotel lobby or airport lounge or a courtesy tablet at a bar or restaurant is asking for trouble.
If you just want to browse news headlines or check sports scores that’s fine, but do not log in to any password-protected accounts or heaven forbid do any online banking!
Even if you fully trust the operators, you never know what unscrupulous guests may have bypassed security measures and installed keyloggers on the device.
Should, heaven forbid, disaster strike and you get hacked or owned, you need to have a plan.
For example, some password manager apps, like already mentioned Dashlane, have a change all passwords function. With one click you can change all your passwords to prevent the hacker from going any further.
It's also a good idea to diversify your providers. If you use Google for everything and your account is breached, the hacker will have access to, well, everything.
Now that you’re committed to the basics of online privacy and security – you are, right? – it’s time to graduate to the intermediate level.
Follow the measures below to go from bare bones protection to something a lot more comprehensive, capable of keeping you safe from most threats.
If you want to be protected online, you need to know a little about IP addresses. An IP address is what allows all the different devices connected to the Internet to communicate with one another.
That means that every time you connect to the Internet, you are assigned a unique IP address.
That means every video you watch, message you send, and search you do is connected to your unique IP address assigned to you at the time.
It’s thanks mostly to IP addresses that your online activities can be associated with you, tracked, combined, crossed referenced and shared among everyone from advertisers and data miners to hackers and government agencies.
IP addresses make it easy to track ad profile your online activities.
That’s why disguising your IP address is one of the most important things you can do for your online privacy and security.
Fortunately, there are a few ways to disguise your IP address:
And when it comes to VPNs, ExpressVPN is one of our favorites. This year, we not only named them our Best VPN Overall, they were also the fastest! So whether you’re looking for all-around quality or blazing fast speeds, they’re an excellent choice.
Full 30-day money-back guarantee
With ExpressVPN, you’re getting access to over 145 servers across more than 94 countries.
They also keep no activity or connection logs of your activities, making it a true “logless” VPN provider.
That, together with top-notch encryption of your data, means that your privacy is always secure.
- The Onion Router (Tor) is a completely free and reliable way to hide your IP address, but it can be slow and a bit complicated
- Proxies are another option, though they can also be slow as well as unreliable (who knows who’s operating them)
- A virtual private network, or VPN, is the easiest, fastest and safest way to disguise your IP address but they usually require a paid subscription.
- Panopticlick – EFF's tool determines how unique is your browser configuration
- MyPermissions – check which websites and online apps you've granted permission to access your information
- StayInvisible – online tracking tester
- Google Account History – displays your Google-related activities including search history and location history
- Immersion – email metadata analysis
- HaveIBeenPwned – check your email against account breach databases
- ScanEye – torrent file-sharing detection and monitoring
- JustDeleteMe – comprehensive collection of direct links for deleting online accounts
It’s easy enough to use your browser’s privacy mode for some basic privacy – we already covered that above. But reliable browser plug-ins offer even better protection.
Some of our favorites are below. The best part is, all of these plug-ins are completely free! Installing just a few of them will go a long way to preventing your web browsing from being tracked and keeping your personal information under wraps, safe and secure.
- HTTPS Everywhere (free) – EFF's tool “enforces” secure connections and redirects you to secure SSL connections wherever possible, sending you to the HTTPS version of most websites
- Privacy Badger (free) – EFF's anti-tracking plug-in blocks the trackers that try to attach themselves to you online
- Disconnect (free) – another free, anti-tracking plug-in that blocks online tracking
- AdBlockPlus (free) – an extension that blocks ads, cookies and other tracking elements
- Ghostery (free) – an effective anti-tracking tool, but skip the “GhostRank” opt-in during installation as enabling this will send data to the developer, supposedly anonymized by why take the chance
- uBlock Origin – similar to Ghostery for Firefox and Chrome browsers
- PixelBlock (free) – a Gmail extension for Chrome that prevents tracking when you open and read emails
- Self-Destructing Cookies – a Firefox add-on for cookies; this one will delete cookies each time you close a browser tab (Chrome version)
You might be wondering about the protection offered by enabling the ‘Do Not Track’ option in the your browser’s settings.
Enabling it is certainly better than nothing, especially as it is easy to do so.
But the truth is that many websites you visit simply do not honour this setting even though they are supposed to.
It’s up to each website whether or not to honour your ‘do not track’ web page requests. As you can imagine, the websites you are most worried about it ignore it.
The browser plugins above are a much better way to prevent online tracking of your activities, especially when used in combination with a VPN as already touched upon.
These days, it seems like almost every one of our online accounts pushes options like ‘Keep Me Logged In’ or ‘Remember Me’.
But while these features may save us a little time, they also make us drastically less secure in the long run.
Whether it’s your social media, email, or online banking portal, we strongly recommend that you don’t stay logged into these accounts when you’re not using them – especially on your more sensitive accounts.
Don’t be lazy: hit that logout button!
As we use our mobile devices more like full-fledged computers, we have to adopt the same kind of privacy measures too.
This means being aware of and, in some cases, disabling your mobile browser’s search history and your phone’s location tracking (and the apps that rely on it).
Just like with your computers and tablets, you can also use your mobile web browser’s private browsing mode.
Location tracking is a tough one because so many useful mobile features and apps rely on it. If you can’t live without location tracking, toggle it on and off as needed.
Speaking of apps, many mobile apps have proven again and again that they are invisibility harvesting your personal data. Free apps (especially of the “fun” variety) are notorious for this, so choose and install them selectively.
Now it’s time to really crank things up with our Advanced Anonymity tips, which will put yet another line of privacy and security between you and those you would seek to do you harm.
As early as Basics we touted the benefits of using a VPN.
Given their low cost and many benefits, we highly recommend signing up for a trusted, reliable, premium VPN provider and using it most of the time you are online.
If you are on a tight budget, you can also use Tor for free and enjoy most of the benefits of a VPN. But even a best-in-class VPN costs only $3.08/mo.
Keep in mind that there are over 200 VPNs on the market today, so choose your VPN provider carefully.
In particular, select a VPN that keeps no logs. This means the VPN does not keep any records of who connects when to its service. This is important for your privacy.
Masking your online presence behind a VPN or Tor helps to obfuscate your online activities, making you harder to track and profile.
You should use a VPN or Tor on all of your devices and operating systems, whether computers, tablets or smartphones.
- What's My IP links – collection of tools that report your IP address
Use powerful file encryption apps to hide and protect the information and data on your computer and devices, whether from inadvertent disclosure (for example, through loss or theft) or from determined adversaries.
Ideally, use only trusted open source apps as there is no guarantee that proprietary apps won't have “back doors”.
Use privacy cleaning apps to clear the traces of your activities left behind on your computer and devices.
- CCleaner (free) - clears history records from Windows, web browsers and apps and also removes temp files, logs, recent item lists etc. Further includes tools for file and drive wiping and for duplicate file detection/deletion.
- BleachBit (free & open source) – the privacy cleaner used by Edward Snowden. ‘nuff said.
- CCleaner (free) – easy file, free space and disk wiping
- Directory Snoop (premium) – forensically examine your storage media right down to the cluster level and wipe files, free space or entire drives
- Eraser (free & open source)
- Recuva (free) – undelete files with ease
- EnCase – professional forensic hard drive analysis software
- Fred (aka Forensic Recovery of Evidence Device) - professional forensic hard drive analysis software
- Directory Snoop –affordable “lite” forensic analysis software that analyzes storage media at the cluster level
While you should always strive to protect your privacy and anonymity online, there are certain issues that you should be especially careful with, due to their sensitivity and potential harm to you.
Streaming content continues to get more and more popular as time goes on. And torrenting has long made up a huge portion of all web traffic.
But that doesn’t mean it’s safe. In fact, when you stream a movie or TV series or download a game or computer program, your IP address (and thus your identity) can be added to a database that sticks around for years!
Best Torrent File-sharing / P2P Apps & Tools
- µTorrent (free) – widely used file-sharing client app but best to use one of the others below
- qBittorrent (free & open source) – alternate file-sharing client app
- PeerBlock (free) – IP address protection tool that shields you from connecting to “unfriendly” IPs
- ExpressVPN – the fastest torrent VPN which is also based outside the USA
- TorGuard, IPLeak.net & ipMagnet (all free) – confirm your true IP address is masked when torrent file-sharing
You should never use the Internet as a substitute for a doctor’s opinion. That being said, it can still be a valuable tool to research symptoms, treatments, or prices for a variety of different ailments and conditions. It’s also great for finding out how to avoid bankruptcy and other financial troubles.
Just make sure you’re using a VPN (at minimum) when you’re searching, since you don’t want your searches and activity tied to your identity. If you don’t, you will start seeing related ads almost right away. But much worse, your profile could even start to have an impact on your eligibility for credit and health insurance.
It seems like everyone has a strong opinion about politics these days. Posting about it online has gotten lots of people in trouble, whether with their employer, their social circle, or worse yet, law enforcement.
So, if you insist on being politically active online, make sure to do it anonymously. You don’t have to be Edward Snowden or Julian Assange to cover your tracks.
Streaming and BitTorrent file-sharing are the most popular ways to enjoy content, but not the only ways. There is still plenty of content to watch or download from the good old world wide web. In addition, the zany world of Usenet remains an excellent source for lots of content.
Website Copier Apps
- Internet Download Manager – IDM has “site grabber” web copier and YouTube video grabber features
- Darcy Ripper (free) – Java-based website copier
- Newshosting – best overall uncensored Usenet provider with servers in both USA & Europe (learn more)
- Eweka – solid European-only Usenet provider (based in the Netherlands)
- SABnzbd (free) – automated Usenet newsreader app [for advanced users]
- GrabIt (free) – Usenet newsreader app tailored for binaries (media) downloading
The Internet remains as popular as ever for enjoying adult videos, images and stories. Of course, we know you’re not into that kind of thing (*wink wink*). But if you were, you’d definitely want to do your business from behind a VPN, Tor, or the like, whether you’re browsing, streaming, or downloading.
If you don’t take these measures, these activities could be associated with your profile and identity, leading to an increase in unwanted spam for dating sites, sexual enhancement products, and more. And that’s just the stuff you can see.
When your identity is invisibly linked to adult-related activities, this may come back to haunt you in all kinds of ways, now and in the future, just like with Health and Financial above.
Also remember to secure your computer or device while doing so. This includes using your browser’s private mode, making sure you are logged out of your accounts (oops, you just shared a naughty pic on Facebook) and use a cleaning app afterwards to remove any trace data.
We won’t dwell on these techniques too much because they are difficult to implement; most people will find them too time consuming or complicated to be worthwhile.
Of course, if you live somewhere where Internet freedom is suppressed and you face higher risks for your online activities, such as fines, prosecution or even jail these methods may be worth the extra time and effort.
This is a way to protect your online activities at the source. By setting up a VPN router, all of your Internet activity will be routed through a VPN from the get-go.
A VPN router ensures that all your Internet-enabled devices – even ones that you can’t normally install a VPN app on – are protected.
This even includes your or your kids’ gaming consoles such as XboX and PlayStation.
Because you are always protected at the source of your Internet connection, you also never have to worry about forgetting to turn on your VPN.
Using a VPN Router also means you don't have to install a separate VPN app on your devices (though we still recommend you do for VPN protection when you are not at home).
There are few privacy and security solutions as comprehensive as TAILS, which is an entire operating system that addresses vulnerabilities at every level.
It can be booted from a USB drive or CD for easy use, and once you end the session, all traces of your activity are wiped clean from the system.
TAILS automatically forces all of your internet traffic through the Tor network, plus it contains encryption tools for your files, emails, and other messaging.
The best part is it’s all free – and open source.
Unfortunately, it’s a little more complicated than most people are willing to deal with, since it requires you to use a totally different operating system than the one you’re used to.
And that can cause some compatibility issues with programs, software, and files that you rely on.
Even with all of your efforts to stay anonymous, there is often still a link between your identity and your online activity – and that comes from payments.
For instance, if you sign up for a VPN using PayPal or a credit card, that creates a link between you and that VPN account because the company behind the payment method you used to sign up with has your personal information on file.
And while it may not be as dangerous as some of the other threats to your privacy, it still is nonetheless.
In theory, your masked activities could still be linked back to you thanks to the payment.
A motivated-enough party, like law enforcement or a particularly malicious snoop, hacker or other adversary, could use that info to track you down and determine your identity.
That’s why people who are looking for total anonymity should consider other payment methods. Bitcoin is the most well-known.
While it and other cryptocurrencies aren’t 100% guaranteed anonymous, they’re close enough for anyone that’s not a national security risk.
However, be aware that there is a learning curve to using Bitcoin and cryptocurrency in general.
- Paygarden – avoid paying for products and services with your credit cards by paying with major brand gift cards. Gift card payments can be completely anonymous
A virtual machine (or VM for short) is another expert measure that works by creating a sort of computer within a computer.
You’ll allocate a certain amount of your memory and hard drive space to the virtual machine which will then run its own operating system, programs, etc.
The reason this can be so effective for privacy and security is that the virtual machine is separately sealed off from your actual computer.
For instance, if you get a virus on your virtual machine, it won’t infect your computer. If your virtual machine gets hacked remotely, they’ll only have access to the data and programs used by the particular virtual machine.
This makes a virtual machine a good way to keep your main computer and info protected while doing sensitive tasks or accessing suspicious files.
You can even access the Internet (and download files) through the virtual machine. And the best part is, you can delete the virtual machine any time you want, or even create more than one.
Plus, you can set up multiple virtual machines on your computer. This enables you to use different virtual machines for different tasks (for example, one for general web browsing, one for online banking and another for streaming, torrent file-sharing or Usenet downloading).
Of course, most of this goes beyond the needs and wants of the average user, but virtual machines can be a valuable tool for those of you who are concerned with getting the highest level of privacy and security.
Make sure the resources you consult are reliable. Here are some you can trust:
- Online Guide to Practical Privacy Tools – EPIC.org's unbiased, trusted list of resources and tools
- Prism Break – comprehensive list of free and open source software (FOSS) privacy tools
- Surveillance Self Defense – EFF's guide for those in need of ultimate anonymity such as human rights activists living under oppressive regimes
- Center for Democracy & Technology’s (CTD's) Guide to Online Privacy
YOU MADE IT!
Congratulations, you are now well equipped to protect your privacy online.
Check out our most popular posts to learn even more.